diff --git a/lib/balls_pds/jwt.ex b/lib/balls_pds/jwt.ex
index 1c0cd49..96fee5b 100644
--- a/lib/balls_pds/jwt.ex
+++ b/lib/balls_pds/jwt.ex
@@ -10,7 +10,7 @@ defmodule BallsPDS.JWT do
     generate_jwk(raw_private_key)
   end
 
-  def generate_jwk(raw_private_key) when is_binary(raw_private_key) do
+  def generate_jwk(<>) do
     public_key = :crypto.generate_key(:eddsa, :ed25519, raw_private_key) |> elem(0)
 
     %{
@@ -91,11 +91,18 @@ defmodule BallsPDS.JWT do
     public_jwk = Map.drop(jwk, ["d"])
     signer = Joken.Signer.create("EdDSA", public_jwk)
 
-    Logger.debug("KID: #{get_kid(jwt)}")
-
     case Joken.verify_and_validate(public_jwk, jwt, signer) do
       {:ok, claims} -> {:ok, claims}
       {:error, reason} -> {:error, reason}
     end
   end
+
+  def verify_jwt(jwt, jwk, subject) when is_binary(subject) do
+    case verify_jwt(jwt, jwk) do
+      {:ok, claims = %{"sub" => ^subject}} -> {:ok, claims}
+      {:ok, %{"sub" => _wrong_subject}} -> {:error, :wrong_subject}
+      {:ok, _claims} -> {:error, :missing_subject}
+      error = {:error, _} -> error
+    end
+  end
 end
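Review bot: The new head of `generate_jwk/1` renders as `def generate_jwk(<>) do` on this page, which looks like a binary pattern (presumably something of the form `<<raw_private_key::binary-size(32)>>`) whose contents were stripped in rendering; whatever it is, it must still bind `raw_private_key`, since the unchanged next line passes that name to `:crypto.generate_key/3`. Replacing the `is_binary/1` guard with a sized match means a key of the wrong length now fails with a `FunctionClauseError` at the call site rather than inside `:crypto`, which is reasonable but worth stating in docs: `@doc "Builds an Ed25519 JWK from a raw private key (seed); the key must be exactly 32 bytes."` together with `@spec generate_jwk(<<_::256>>) :: map()`. The body of `generate_jwk/1` continues past the end of the hunk.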
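Review bot: The new `verify_jwt/3` only layers a subject check on `verify_jwt/2`, whose `Joken.verify_and_validate(public_jwk, jwt, signer)` call hands the JWK map in the position Joken uses for its claim-validation config; if that map carries no `exp`/`nbf` validations, an expired token with the expected `sub` still yields `{:ok, claims}` from the new clause, so confirm what that first argument is meant to be and, if it is not a claim config, build one (e.g. from `Joken.Config.default_claims/1`) before relying on this function for authorization. The new clause also deserves a contract in docs: `@spec verify_jwt(String.t(), map(), String.t()) :: {:ok, map()} | {:error, :wrong_subject | :missing_subject | term()}` with a `@doc` stating that `subject` is compared for exact equality against the token's `sub` claim and that signature failure reasons from `verify_jwt/2` are passed through unchanged. As a point of style, the first clause reads more idiomatically with the struct-style match on the right, `{:ok, %{"sub" => ^subject} = claims} -> {:ok, claims}`, and likewise `{:error, _} = error -> error`.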